All Russian applications that were preinstalled as mandatory on smartphones and tablets in accordance with the law in force from April 1, can transfer user data abroad. The law on compulsory pre-installation of software was created to support domestic developers, but one of its consequences may be to improve advertising targeting for foreign corporations.
From the report of ANO Information Culture, which was reviewed by Kommersant, it follows that all mandatory commercial applications contain analytical trackers (hidden programs) that collect data about users and transfer them abroad.
Information Culture analyzed the code of 16 classes of programs for the Android and iOS operating systems, including the Mail.ru Group, Yandex, Kaspersky Lab applications, New Cloud Technologies (NOT, the MyOffice brand), and also “Gosuslugi” and the “Mir” payment system. The organization learned that only the Mir payment system application does not have built-in tracking mechanisms. Other services, including “Gosuslugi”, have analytical mechanisms Google AdMob (contextual advertising service), Facebook Ads and other companies.
Companies that can receive user data included Google, Yahoo, Microsoft, Huawei, Facebook and other foreign IT corporations. The anonymized data that corporations receive is mainly used to target advertisements.
Smartphones on which Google and Apple services were preinstalled are now collecting user data. The domestic applications selected for preinstallation had similar functionality before, but users installed them at their own will. “The authorities have made the pre-installation of these applications mandatory, that is, de facto, they ha
ve taken responsibility for transferring citizens’ data to third parties in other countries,” Ivan Begtin, director of InfoCulture, told Kommersant.
The ministry noted that the preinstalled programs are available in application stores – the requirements for them are similar to those for other programs that are available to users. According to a government decree, pre-installed programs must comply with the requirements of the operating system on which the smartphone operates, including in terms of security and personal data protection.